Southwest Washington Regional Surgery Center in Vancouver, WA, has experienced a phishing attack that has led to the disclosure of 2,393 patients’ protected health information.

The breach was restricted to a single electronic mail account and no proof was found to indicate any electronic mails have been accessed or downloaded by the attacker. An extensive inquiry was carried out with help provided by a third-party cybersecurity company. The inquiry finished on September 25.

The inquiry included a manual analysis of all electronic mails in the undermined account to recognize patients affected and the kinds of information that might have been undermined.

Southwest Washington Regional Surgery Center clarified in its breach notification that the beach was restricted to the following PHI elements: Names, Social Security numbers, driver’s license numbers, medical information, and for a restricted number of patients, credit card numbers.

The inquiry disclosed the electronic mail account was undermined on May 27, 2018 and access continued possible until August 13, 2018.

Patients impacted by the breach were sent breach notice letters on November 6, 2018 and have been offered free credit checking and identity theft restoration facilities for 12 months. Information has also been provided on the steps that must be taken to decrease the danger of identity theft and scam.

The breach has driven Southwest Washington Regional Surgery Center to increase its electronic mail access procedures to avoid more successful phishing attacks, passwords were reset, and its password policy updated.